2016-09-24 11:00:46 +08:00
|
|
|
# frozen_string_literal: true
|
2017-11-25 11:23:47 -08:00
|
|
|
|
2012-09-22 22:39:12 -04:00
|
|
|
class ApplicationController < ActionController::Base
|
2016-03-24 21:26:07 -07:00
|
|
|
include ApplicationHelper
|
2016-02-13 17:28:09 +08:00
|
|
|
include Pundit
|
2016-03-12 09:37:32 +11:00
|
|
|
include PunditExtra
|
2016-03-11 21:35:48 +08:00
|
|
|
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
|
2015-11-03 22:22:53 +08:00
|
|
|
|
2016-09-24 12:27:34 +08:00
|
|
|
before_action :invite_link
|
2016-09-29 18:46:00 +08:00
|
|
|
before_action :prepare_exception_notifier
|
2016-02-19 09:23:39 +08:00
|
|
|
after_action :allow_embedding
|
2016-03-24 21:26:07 -07:00
|
|
|
|
2016-03-12 13:20:15 +11:00
|
|
|
def default_serializer_options
|
|
|
|
|
{ root: false }
|
|
|
|
|
end
|
|
|
|
|
|
2014-01-28 22:46:58 -05:00
|
|
|
# this is for global login
|
|
|
|
|
include ContentHelper
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2012-09-22 22:39:12 -04:00
|
|
|
helper_method :user
|
|
|
|
|
helper_method :authenticated?
|
2014-05-17 14:57:03 -04:00
|
|
|
helper_method :admin?
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2016-03-11 21:35:48 +08:00
|
|
|
def handle_unauthorized
|
2018-03-08 12:08:21 -05:00
|
|
|
head :forbidden
|
2016-03-11 21:35:48 +08:00
|
|
|
end
|
2016-03-24 21:26:07 -07:00
|
|
|
|
2016-07-26 08:14:23 +08:00
|
|
|
private
|
2012-09-22 22:39:12 -04:00
|
|
|
|
2016-09-24 12:27:34 +08:00
|
|
|
def invite_link
|
2016-07-26 08:14:23 +08:00
|
|
|
@invite_link = "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
|
2016-03-29 22:34:47 +08:00
|
|
|
end
|
|
|
|
|
|
2012-09-22 22:39:12 -04:00
|
|
|
def require_no_user
|
2016-09-24 12:27:34 +08:00
|
|
|
return true unless authenticated?
|
2018-03-08 12:08:21 -05:00
|
|
|
head :forbidden
|
2016-12-12 22:28:10 -05:00
|
|
|
false
|
2012-09-22 22:39:12 -04:00
|
|
|
end
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2012-09-22 22:39:12 -04:00
|
|
|
def require_user
|
2016-09-24 12:27:34 +08:00
|
|
|
return true if authenticated?
|
2018-03-08 12:08:21 -05:00
|
|
|
head :forbidden
|
2016-12-12 22:28:10 -05:00
|
|
|
false
|
2012-09-22 22:39:12 -04:00
|
|
|
end
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2014-05-17 14:57:03 -04:00
|
|
|
def require_admin
|
2016-09-24 11:00:46 +08:00
|
|
|
return true if authenticated? && admin?
|
2018-03-08 12:08:21 -05:00
|
|
|
head :forbidden
|
2016-09-24 11:00:46 +08:00
|
|
|
false
|
2014-05-17 14:57:03 -04:00
|
|
|
end
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2012-09-22 22:39:12 -04:00
|
|
|
def user
|
|
|
|
|
current_user
|
|
|
|
|
end
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2012-09-22 22:39:12 -04:00
|
|
|
def authenticated?
|
|
|
|
|
current_user
|
|
|
|
|
end
|
2015-12-22 13:16:03 -05:00
|
|
|
|
2014-05-17 14:57:03 -04:00
|
|
|
def admin?
|
2015-12-16 21:32:50 +08:00
|
|
|
authenticated? && current_user.admin
|
2014-05-17 14:57:03 -04:00
|
|
|
end
|
2015-11-03 22:22:53 +08:00
|
|
|
|
2016-02-19 09:23:39 +08:00
|
|
|
def allow_embedding
|
2016-07-26 08:14:23 +08:00
|
|
|
# allow all
|
2016-02-19 09:23:39 +08:00
|
|
|
response.headers.except! 'X-Frame-Options'
|
|
|
|
|
# or allow a whitelist
|
|
|
|
|
# response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
|
2015-11-03 22:22:53 +08:00
|
|
|
end
|
2016-09-29 18:46:00 +08:00
|
|
|
|
|
|
|
|
def prepare_exception_notifier
|
|
|
|
|
request.env['exception_notifier.exception_data'] = {
|
|
|
|
|
current_user: current_user
|
|
|
|
|
}
|
|
|
|
|
end
|
2012-09-22 22:39:12 -04:00
|
|
|
end
|
